diff --git a/sdk/identity/azure-identity/CHANGELOG.md b/sdk/identity/azure-identity/CHANGELOG.md
index c5bc78976e62..270515db788c 100644
--- a/sdk/identity/azure-identity/CHANGELOG.md
+++ b/sdk/identity/azure-identity/CHANGELOG.md
@@ -4,6 +4,7 @@
 ### Features Added
 - Added CAE Authentication support for Service principal authentication.
+- Added the ability to log PII from MSAL using new `enableSupportLogging` API.
 ### Other Changes
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AadCredentialBuilderBase.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AadCredentialBuilderBase.java
index 403ac0d19dcd..781c50dc10bd 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AadCredentialBuilderBase.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AadCredentialBuilderBase.java
@@ -126,4 +126,15 @@ public T disableInstanceDiscovery() {
 this.identityClientOptions.disableInstanceDiscovery();
 return (T) this;
 }
+
+ /**
+ * Enables additional support logging for public and confidential client applications. This enables
+ * PII logging in MSAL4J as described here.
+ * @return An updated instance of this builder with additional support logging enabled.
+ */
+ @SuppressWarnings("unchecked")
+ public T enableSupportLogging() {
+ this.identityClientOptions.enableSupportLogging();
+ return (T) this;
+ }
 }
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java
index bdc933df3078..975ed85b8732 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredential.java
@@ -20,7 +20,7 @@ /** *
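Review bot: The Javadoc on `enableSupportLogging()` does not say what turning on PII logging means for the caller, and as rendered on this page the reference "as described here" carries no visible link target. Once this is set, personally identifiable information can end up in whatever sink the application's logs are shipped to, so the comment should say so, for example by adding `* <p><strong>Warning:</strong> log output may then contain personally identifiable information; enable this only while troubleshooting and restrict access to and retention of the resulting logs.</p>`. The method is a one-way switch with no counterpart to turn it off again, which matches `disableInstanceDiscovery()` above but is worth stating in the same comment. The enclosing class begins outside this hunk.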

Authorization Code authentication in Azure is a type of authentication mechanism that allows users to - * authenticate with Azure Active + * authenticate with Azure Active * Directory (Azure AD) and obtain an authorization code that can be used to request an access token to access * Azure resources. It is a widely used authentication mechanism and is supported by a wide range of Azure services * and applications. It provides a secure and scalable way to authenticate users and grant them access to Azure diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java index cd5d67519747..dc9eeb55399b 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AuthorizationCodeCredentialBuilder.java @@ -13,7 +13,7 @@ *

Fluent credential builder for instantiating a {@link AuthorizationCodeCredential}.

* *

Authorization Code authentication in Azure is a type of authentication mechanism that allows users to - * authenticate with Azure Active + * authenticate with Azure Active * Directory (Azure AD) and obtain an authorization code that can be used to request an access token to access * Azure resources. It is a widely used authentication mechanism and is supported by a wide range of Azure services * and applications. It provides a secure and scalable way to authenticate users and grant them access to Azure diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredential.java index 0ee540096db1..fb6a13cd629b 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredential.java @@ -18,9 +18,9 @@ /** *

The Azure CLI is a command-line tool that allows users to manage Azure resources from their local machine or * terminal. It allows users to - * authenticate interactively as a + * authenticate interactively as a * user and/or a service principal against - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * . The AzureCliCredential authenticates in a development environment and acquires a token on behalf of the * logged-in user or service principal in Azure CLI. It acts as the Azure CLI logged in user or service principal * and executes an Azure CLI command underneath to authenticate the application against Azure Active Directory.

diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredentialBuilder.java index 2e34b03d5054..a7d50257262b 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureCliCredentialBuilder.java @@ -17,9 +17,9 @@ * *

The Azure CLI is a command-line tool that allows users to manage Azure resources from their local machine or * terminal. It allows users to - * authenticate interactively as a + * authenticate interactively as a * user and/or a service principal against - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * . The AzureCliCredential authenticates in a development environment and acquires a token on behalf of the * logged-in user or service principal in Azure CLI. It acts as the Azure CLI logged in user or service principal * and executes an Azure CLI command underneath to authenticate the application against Azure Active Directory.

diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureDeveloperCliCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureDeveloperCliCredential.java index c43f5d2ae307..1130893fc542 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureDeveloperCliCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureDeveloperCliCredential.java @@ -19,7 +19,7 @@ *

Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific * to Azure developers. It allows users to authenticate as a user and/or a service principal against - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * . The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of * the logged-in user or service principal in Azure Developer CLI. It acts as the Azure Developer CLI logged in user or * service principal and executes an Azure CLI command underneath to authenticate the application against diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureDeveloperCliCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureDeveloperCliCredentialBuilder.java index bb9b39627e5c..5aa62b7853e8 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureDeveloperCliCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzureDeveloperCliCredentialBuilder.java @@ -18,7 +18,7 @@ *

Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific * to Azure developers. It allows users to authenticate as a user and/or a service principal against - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * . The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of * the logged-in user or service principal in Azure Developer CLI. It acts as the Azure Developer CLI logged in user or * service principal and executes an Azure CLI command underneath to authenticate the application against diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePowerShellCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePowerShellCredential.java index 44c1d0f89a1b..fc6b41cb692a 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePowerShellCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePowerShellCredential.java @@ -17,7 +17,7 @@ /** *

The Azure Powershell is a command-line tool that allows users to manage Azure resources from their local machine * or terminal. It allows users to - * authenticate interactively + * authenticate interactively * as a user and/or a service principal against * Azure Active Directory (Azure AD) * . The AzurePowershellCredential authenticates in a development environment and acquires a token on behalf of the diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePowerShellCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePowerShellCredentialBuilder.java index 737c4ba92586..8e253a980be0 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePowerShellCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/AzurePowerShellCredentialBuilder.java @@ -15,7 +15,7 @@ * *

The Azure Powershell is a command-line tool that allows users to manage Azure resources from their local machine * or terminal. It allows users to - * authenticate interactively + * authenticate interactively * as a user and/or a service principal against * Azure Active Directory (Azure AD) * . The {@link AzurePowerShellCredential} authenticates in a development environment and acquires a token on diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredential.java index ee634aef031d..e858ee0898a9 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredential.java @@ -25,7 +25,7 @@ * In this authentication method, the client application creates a JSON Web Token (JWT) that includes information about * the service principal (such as its client ID and tenant ID) and signs it using a client secret. The client then * sends this token to - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * as proof of its identity. Azure AD verifies the token signature and checks that the service principal has * the necessary permissions to access the requested Azure resource. If the token is valid and the service principal is * authorized, Azure AD issues an access token that the client application can use to access the requested resource. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredentialBuilder.java index 1def7aa7c7b7..9e261bd3938f 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientAssertionCredentialBuilder.java 
@@ -18,7 +18,7 @@ * In this authentication method, the client application creates a JSON Web Token (JWT) that includes information about * the service principal (such as its client ID and tenant ID) and signs it using a client secret. The client then * sends this token to - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * as proof of its identity. Azure AD verifies the token signature and checks that the service principal has * the necessary permissions to access the requested Azure resource. If the token is valid and the service principal is * authorized, Azure AD issues an access token that the client application can use to access the requested resource. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredential.java index bb685314a77e..a6ccad88b2c1 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredential.java @@ -21,12 +21,12 @@ /** *

The ClientCertificateCredential acquires a token via service principal authentication. It is a type of * authentication in Azure that enables a non-interactive login to - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * , allowing an application or service to authenticate itself with Azure resources. * A Service Principal is essentially an identity created for an application in Azure AD that can be used to * authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides * a way for the application to authenticate itself with Azure resources without needing to use a user's credentials. - * Azure Active Directory + * Azure Active Directory * (Azure AD) allows users to register service principals which can be used as an identity for authentication. * A client certificate associated with the registered service principal is used as the password when authenticating * the service principal. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java index 4e62eea90d89..2e5bbadb8ae5 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java @@ -13,12 +13,12 @@ * *

The ClientCertificateCredential acquires a token via service principal authentication. It is a type of * authentication in Azure that enables a non-interactive login to - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * , allowing an application or service to authenticate itself with Azure resources. * A Service Principal is essentially an identity created for an application in Azure AD that can be used to * authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides * a way for the application to authenticate itself with Azure resources without needing to use a user's credentials. - * Azure Active Directory + * Azure Active Directory * (Azure AD) allows users to register service principals which can be used as an identity for authentication. * A client certificate associated with the registered service principal is used as the password when authenticating * the service principal. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredential.java index 72f47573499e..af1e6683e1e6 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredential.java @@ -21,12 +21,12 @@ /** *

The ClientSecretCredential acquires a token via service principal authentication. It is a type of authentication * in Azure that enables a non-interactive login to - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * , allowing an application or service to authenticate itself with Azure resources. * A Service Principal is essentially an identity created for an application in Azure AD that can be used to * authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides * a way for the application to authenticate itself with Azure resources without needing to use a user's credentials. - * Azure Active Directory + * Azure Active Directory * (Azure AD) allows users to register service principals which can be used as an identity for authentication. * A client secret associated with the registered service principal is used as the password when authenticating the * service principal. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java index 2696cf4fe3fc..330cd95f6a66 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientSecretCredentialBuilder.java @@ -11,12 +11,12 @@ * *

The {@link ClientSecretCredential} acquires a token via service principal authentication. It is a type of * authentication in Azure that enables a non-interactive login to - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * , allowing an application or service to authenticate itself with Azure resources. * A Service Principal is essentially an identity created for an application in Azure AD that can be used to * authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides * a way for the application to authenticate itself with Azure resources without needing to use a user's credentials. - * Azure Active Directory + * Azure Active Directory * (Azure AD) allows users to register service principals which can be used as an identity for authentication. * A client secret associated with the registered service principal is used as the password when authenticating the * service principal. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java index e50e14c5f359..505e9f7f3173 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredential.java @@ -24,12 +24,12 @@ *

  • {@link ManagedIdentityCredential} - If the application deploys to an Azure host with Managed Identity enabled, * the DefaultAzureCredential will authenticate with that account.
  • *
  • {@link IntelliJCredential} - If you've authenticated via - * Azure Toolkit for + * Azure Toolkit for * IntelliJ, the DefaultAzureCredential will authenticate with that account.
  • *
  • {@link AzureCliCredential} - If you've authenticated an account via the Azure CLI {@code az login} command, the * DefaultAzureCredential will authenticate with that account.
  • *
  • {@link AzurePowerShellCredential} - If you've authenticated an account via the - * Azure Power Shell {@code Az Login} + * Azure Power Shell {@code Az Login} * command, the DefaultAzureCredential will authenticate with that account.
  • *
  • Fails if none of the credentials above could be created.
  • * @@ -72,7 +72,7 @@ *

    Sample: Construct DefaultAzureCredential with User Assigned Managed Identity

    * *

    User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that is associated with one or more Azure resources. This identity can then be used to authenticate and * authorize access to various Azure services and resources. The following code sample demonstrates the creation of * a DefaultAzureCredential to target a user assigned managed identity, using the diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredentialBuilder.java index 3af3a12b78b8..e309b9ac7d32 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DefaultAzureCredentialBuilder.java @@ -43,7 +43,7 @@ *

    Sample: Construct DefaultAzureCredential with User Assigned Managed Identity

    * *

    User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that is associated with one or more Azure resources. This identity can then be used to authenticate and * authorize access to various Azure services and resources. The following code sample demonstrates the creation of * a {@link DefaultAzureCredential} to target a user assigned managed identity, using the DefaultAzureCredentialBuilder diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java index 6bdd27730ac6..51bf99ede695 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java @@ -22,7 +22,7 @@ /** *

    Device code authentication is a type of authentication flow offered by - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that allows users to sign in to applications on devices that don't have a web browser or a keyboard. * This authentication method is particularly useful for devices such as smart TVs, gaming consoles, and * Internet of Things (IoT) devices that may not have the capability to enter a username and password. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java index fc3e834dd8d0..b69eff60ae3e 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredentialBuilder.java @@ -15,7 +15,7 @@ * Fluent credential builder for instantiating a {@link DeviceCodeCredential}. * *

    Device code authentication is a type of authentication flow offered by - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that allows users to sign in to applications on devices that don't have a web browser or a keyboard. * This authentication method is particularly useful for devices such as smart TVs, gaming consoles, and * Internet of Things (IoT) devices that may not have the capability to enter a username and password. diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredential.java index 8d2916199375..6513285bc05a 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredential.java @@ -24,11 +24,11 @@ /** *

    IntelliJ IDEA is an integrated development environment (IDE) developed by JetBrains, which provides a variety of * features to support software development, such as code completion, debugging, and testing. - * Azure offers Azure Toolkit + * Azure offers Azure Toolkit * for IntelliJ plugin for the IntelliJ IDEA development environment. It * enables developers to create, test, and deploy Java applications to the Azure cloud platform. In order to * use the plugin authentication as a user or service principal against - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * is required. * The IntelliJCredential authenticates in a development environment and acquires a token on behalf of the * logged-in account in Azure Toolkit for IntelliJ. It uses the logged in user information on the IntelliJ IDE and uses diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredentialBuilder.java index 00e680786fb4..ed6e599ea779 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/IntelliJCredentialBuilder.java @@ -16,11 +16,11 @@ * *

    IntelliJ IDEA is an integrated development environment (IDE) developed by JetBrains, which provides a variety of * features to support software development, such as code completion, debugging, and testing. - * Azure offers Azure Toolkit + * Azure offers Azure Toolkit * for IntelliJ plugin for the IntelliJ IDEA development environment. It enables developers to create, test, and * deploy Java applications to the Azure cloud platform. In order to use the plugin authentication as a user or * service principal against - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * is required. * The {@link IntelliJCredential} authenticates in a development environment and acquires a token on behalf of the * logged-in account in Azure Toolkit for IntelliJ. It uses the logged in user information on the IntelliJ IDE and uses diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java index fa4cba2dd50f..fc9fbd08dd9f 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java @@ -21,7 +21,7 @@ /** *

    Interactive browser authentication is a type of authentication flow offered by - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that enables users to sign in to applications and services using a web browser. This authentication method is * commonly used for web applications, where users enter their credentials directly into a web page. * With interactive browser authentication, the user navigates to a web application and is prompted to enter their diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java index 7bca56181741..520a1b995341 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredentialBuilder.java @@ -16,7 +16,7 @@ * Fluent credential builder for instantiating a {@link InteractiveBrowserCredential}. * *

    Interactive browser authentication is a type of authentication flow offered by - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that enables users to sign in to applications and services using a web browser. This authentication method is * commonly used for web applications, where users enter their credentials directly into a web page. * With interactive browser authentication, the user navigates to a web application and is prompted to enter their diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java index e46e1dc7ad2d..ececb7de0ed3 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredential.java @@ -19,9 +19,9 @@ import java.time.Duration; /** - *

    Azure + *

    Azure * Managed Identity is a feature in - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that provides a way for applications running on Azure to authenticate themselves with Azure resources without * needing to manage or store any secrets like passwords or keys. * The ManagedIdentityCredential authenticates the configured managed identity (system or user assigned) of an @@ -62,7 +62,7 @@ *

    Sample: Construct a User Assigned ManagedIdentityCredential

    * *

    User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that is associated with one or more Azure resources. This identity can then be * used to authenticate and authorize access to various Azure services and resources. The following code sample * demonstrates the creation of a ManagedIdentityCredential to target a user assigned managed identity, using the diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredentialBuilder.java index dd7c3b546bf6..422548fdf37d 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ManagedIdentityCredentialBuilder.java @@ -8,9 +8,9 @@ /** *

    Fluent credential builder for instantiating a {@link ManagedIdentityCredential}.

    * - *

    Azure + *

    Azure * Managed Identity is a feature in - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that provides a way for applications running on Azure to authenticate themselves with Azure resources without * needing to manage or store any secrets like passwords or keys. * The {@link ManagedIdentityCredential} authenticates the configured managed identity (system or user assigned) of an @@ -36,7 +36,7 @@ *

    Sample: Construct a User Assigned ManagedIdentityCredential

    * *

    User-Assigned Managed Identity (UAMI) in Azure is a feature that allows you to create an identity in - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that is associated with one or more Azure resources. This identity can then be used to authenticate and * authorize access to various Azure services and resources. The following code sample demonstrates the creation of a * {@link ManagedIdentityCredential} to target a user assigned managed identity, using the diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java index 410c75282560..cc6260383d8f 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java @@ -22,7 +22,7 @@ /** *

    Username password authentication is a common type of authentication flow used by many applications and services, - * including Azure Active Directory + * including Azure Active Directory * (Azure AD) . With username password authentication, users enter their username and password credentials to sign * in to an application or service. * The UsernamePasswordCredential authenticates a public client application and acquires a token using the diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java index ee759b0ad1b8..72f624b94a59 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredentialBuilder.java @@ -14,7 +14,7 @@ * Fluent credential builder for instantiating a {@link UsernamePasswordCredential}. * *

    Username password authentication is a common type of authentication flow used by many applications and services, - * including Azure Active Directory + * including Azure Active Directory * (Azure AD) . With username password authentication, users enter their username and password credentials to sign * in to an application or service. * The {@link UsernamePasswordCredential} authenticates a public client application and acquires a token using the
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBase.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBase.java
index 3e171401c554..ea4849f030ae 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBase.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBase.java
@@ -214,7 +214,10 @@ ConfidentialClientApplication getConfidentialClient(boolean enableCae) {
 ConfidentialClientApplication.Builder applicationBuilder = ConfidentialClientApplication.builder(clientId, credential);
 try {
- applicationBuilder = applicationBuilder.authority(authorityUrl).instanceDiscovery(options.isInstanceDiscoveryEnabled());
+ applicationBuilder = applicationBuilder
+ .logPii(options.isSupportLoggingEnabled())
+ .authority(authorityUrl)
+ .instanceDiscovery(options.isInstanceDiscoveryEnabled());
 if (!options.isInstanceDiscoveryEnabled()) {
 LOGGER.log(LogLevel.VERBOSE, () ->
 "Instance discovery and authority validation is disabled. In this"
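Review bot: Nothing in these hunks records that PII logging has been switched on: `logPii(options.isSupportLoggingEnabled())` is passed to MSAL here and in the three later hunks of this file (`getPublicClient`, `getManagedIdentityConfidentialClient`, `getWorkloadIdentityConfidentialClient`) without any message from the SDK's own logger. Someone who later finds PII in log storage has no marker showing when or where the option was enabled; next to the existing instance-discovery message consider `if (options.isSupportLoggingEnabled()) { LOGGER.log(LogLevel.WARNING, () -> "Support logging is enabled; MSAL log output may contain PII."); }`. All four methods start and end outside their hunks, so such a message may already exist in lines not shown here.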
@@ -281,7 +284,9 @@ PublicClientApplication getPublicClient(boolean sharedTokenCacheCredential, bool + tenantId; PublicClientApplication.Builder builder = PublicClientApplication.builder(clientId); try { - builder = builder.authority(authorityUrl).instanceDiscovery(options.isInstanceDiscoveryEnabled()); + builder = builder + .logPii(options.isSupportLoggingEnabled()) + .authority(authorityUrl).instanceDiscovery(options.isInstanceDiscoveryEnabled()); if (!options.isInstanceDiscoveryEnabled()) { LOGGER.log(LogLevel.VERBOSE, () -> "Instance discovery and authority validation is disabled. In this" @@ -340,7 +345,11 @@ ConfidentialClientApplication getManagedIdentityConfidentialClient() { ConfidentialClientApplication.Builder applicationBuilder = ConfidentialClientApplication.builder(clientId == null ? "SYSTEM-ASSIGNED-MANAGED-IDENTITY" : clientId, credential); - applicationBuilder.validateAuthority(false); + + applicationBuilder + .validateAuthority(false) + .logPii(options.isSupportLoggingEnabled()); + try { applicationBuilder = applicationBuilder.authority(authorityUrl); } catch (MalformedURLException e) { @@ -395,7 +404,9 @@ ConfidentialClientApplication getWorkloadIdentityConfidentialClient() { : clientId, credential); try { - applicationBuilder = applicationBuilder.authority(authorityUrl).instanceDiscovery(options.isInstanceDiscoveryEnabled()); + applicationBuilder = applicationBuilder.authority(authorityUrl) + .logPii(options.isSupportLoggingEnabled()) + .instanceDiscovery(options.isInstanceDiscoveryEnabled()); if (!options.isInstanceDiscoveryEnabled()) { LOGGER.log(LogLevel.VERBOSE, () -> "Instance discovery and authority validation is disabled. In this" diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java index 073261e4aae5..7c806b041f56 100644 
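Review bot: In getManagedIdentityConfidentialClient the value returned by `applicationBuilder.validateAuthority(false).logPii(...)` is dropped, whereas the other three builders changed in this commit assign the chained result back. The call therefore takes effect only if the MSAL4J builder mutates itself and returns the same instance, which is not visible in the hunk. Writing `applicationBuilder = applicationBuilder.validateAuthority(false).logPii(options.isSupportLoggingEnabled());` keeps the four call sites uniform and makes the PII setting independent of that assumption. The method body starts and ends outside the hunk.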
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java @@ -73,6 +73,7 @@ public final class IdentityClientOptions implements Cloneable { private Duration credentialProcessTimeout = Duration.ofSeconds(10); private boolean isChained; + private boolean enableSupportLogging; /** * Creates an instance of IdentityClientOptions with default settings. @@ -713,6 +714,23 @@ public IdentityClientOptions setChained(boolean isChained) { return this; } + /** + * Gets the status whether support logging is enabled or not. + * @return the flag indicating if support logging is enabled or not. + */ + public boolean isSupportLoggingEnabled() { + return enableSupportLogging; + } + + /** + * Enables additional support logging (including PII) for MSAL based credentials. + * @return the updated client options + */ + public IdentityClientOptions enableSupportLogging() { + this.enableSupportLogging = true; + return this; + } + public IdentityClientOptions clone() { IdentityClientOptions clone = new IdentityClientOptions() .setAdditionallyAllowedTenants(this.additionallyAllowedTenants) @@ -745,6 +763,9 @@ public IdentityClientOptions clone() { if (!isInstanceDiscoveryEnabled()) { clone.disableInstanceDiscovery(); } + if (isSupportLoggingEnabled()) { + clone.enableSupportLogging(); + } return clone; } } diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/package-info.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/package-info.java index ffdfd5b7fca6..87714251b117 100644 --- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/package-info.java +++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/package-info.java @@ -3,7 +3,7 @@ /** *
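Review bot: The Javadoc added for `enableSupportLogging()` in IdentityClientOptions mentions PII only in parentheses and does not say where that data ends up or that the option is one-way; the hunk adds no method that switches it back off. I would extend the comment to something like `Enables additional support logging for MSAL based credentials. MSAL log output may then contain personal data (PII); enable only while troubleshooting and treat the resulting logs as sensitive.` and add `Defaults to false.` to the getter's `@return` line. The private field also shares its name with the method (`enableSupportLogging`), unlike `isChained` next to it; `supportLoggingEnabled` would read better.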

    The Azure Identity library provides - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * token authentication support across the * Azure SDK. The library focuses on * OAuth authentication with Azure AD, and it offers various credential classes capable of acquiring an Azure AD token @@ -120,9 +120,9 @@ * *

    Authenticating on Azure Hosted Platforms via Managed Identity

    * - *

    Azure + *

    Azure * Managed Identity is a feature in - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * that provides a way for applications running on Azure to authenticate themselves with Azure resources without * needing to manage or store any secrets like passwords or keys.

    * @@ -192,12 +192,12 @@ *

    Authenticate with Service Principals

    * *

    Service Principal authentication is a type of authentication in Azure that enables a non-interactive login to - * Azure Active Directory (Azure AD) + * Azure Active Directory (Azure AD) * , allowing an application or service to authenticate itself with Azure resources. * A Service Principal is essentially an identity created for an application in Azure AD that can be used to * authenticate with Azure resources. It's like a "user identity" for the application or service, and it provides * a way for the application to authenticate itself with Azure resources without needing to use a user's credentials. - * Azure Active Directory + * Azure Active Directory * (Azure AD) allows users to register service principals which can be used as an identity for authentication. * A client secret and/or a client certificate associated with the registered service principal is used as the password * when authenticating the service principal.

    @@ -269,7 +269,7 @@ * *

    User credential authentication is a type of authentication in Azure that involves a user providing their * username and password to authenticate with Azure resources. In Azure, user credential authentication can be used to - * authenticate with Azure Active + * authenticate with Azure Active * Directory (Azure AD).

    * *

    The Azure Identity library supports user credentials based authentication via diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/IdentityClientTests.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/IdentityClientTests.java index ed2baf965e50..d7df33ced98c 100644 --- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/IdentityClientTests.java +++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/IdentityClientTests.java @@ -509,6 +509,8 @@ private void mockForManagedIdentityFlow(String secret, String clientId, TokenReq }); } }); + when(builder.logPii(anyBoolean())).thenReturn(builder); + when(builder.validateAuthority(anyBoolean())).thenReturn(builder); when(builder.build()).thenReturn(application); })) { // Mocking the static builder to ensure we pass the right thing to it. @@ -528,6 +530,7 @@ private void mockForClientSecret(String secret, TokenRequestContext request, Str when(builder.authority(any())).thenReturn(builder); when(builder.instanceDiscovery(anyBoolean())).thenReturn(builder); when(builder.httpClient(any())).thenReturn(builder); + when(builder.logPii(anyBoolean())).thenReturn(builder); ConfidentialClientApplication application = Mockito.mock(ConfidentialClientApplication.class); when(application.acquireToken(any(ClientCredentialParameters.class))).thenAnswer(invocation -> { ClientCredentialParameters argument = (ClientCredentialParameters) invocation.getArguments()[0]; 
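Review bot: The stubs added in mockForManagedIdentityFlow appear only to keep the mocked builder chain working; no hunk in IdentityClientTests checks which value reaches `logPii`. As the flag controls whether PII is logged, the default should be pinned with `verify(builder).logPii(false);` on the constructed builder in at least one confidential and one public client flow, plus a case that calls `options.enableSupportLogging()` and expects `verify(builder).logPii(true);`. The same stub-only change repeats in mockForClientSecret and in the later hunks of this file (mockForClientCertificate, mockForDeviceCodeFlow, mockForClientPemCertificate and the public-client flows). The helper methods start and end outside the hunks.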
@@ -557,6 +560,7 @@ private void mockForClientCertificate(TokenRequestContext request, String access when(builder.authority(any())).thenReturn(builder); when(builder.instanceDiscovery(anyBoolean())).thenReturn(builder); when(builder.httpClient(any())).thenReturn(builder); + when(builder.logPii(anyBoolean())).thenReturn(builder); ConfidentialClientApplication application = Mockito.mock(ConfidentialClientApplication.class); when(application.acquireToken(any(ClientCredentialParameters.class))).thenAnswer(invocation -> { ClientCredentialParameters argument = (ClientCredentialParameters) invocation.getArguments()[0]; @@ -582,6 +586,7 @@ private void mockForDeviceCodeFlow(TokenRequestContext request, String accessTok try (MockedConstruction publicClientApplicationMock = mockConstruction(PublicClientApplication.Builder.class, (builder, context) -> { when(builder.authority(any())).thenReturn(builder); when(builder.httpClient(any())).thenReturn(builder); + when(builder.logPii(anyBoolean())).thenReturn(builder); PublicClientApplication application = Mockito.mock(PublicClientApplication.class); when(application.acquireToken(any(DeviceCodeFlowParameters.class))).thenAnswer(invocation -> { DeviceCodeFlowParameters argument = (DeviceCodeFlowParameters) invocation.getArguments()[0]; @@ -626,6 +631,7 @@ private void mockForClientPemCertificate(String accessToken, TokenRequestContext when(builder.authority(any())).thenReturn(builder); when(builder.instanceDiscovery(anyBoolean())).thenReturn(builder); when(builder.httpClient(any())).thenReturn(builder); + when(builder.logPii(anyBoolean())).thenReturn(builder); }) ) { staticConfidentialClientApplicationMock.when(() -> ConfidentialClientApplication.builder(eq(CLIENT_ID), any())).thenCallRealMethod(); 
@@ -716,6 +722,7 @@ private void mockForBrowserAuthenticationCodeFlow(String token, TokenRequestCont when(builder.authority(any())).thenReturn(builder); when(builder.instanceDiscovery(anyBoolean())).thenReturn(builder); when(builder.httpClient(any())).thenReturn(builder); + when(builder.logPii(anyBoolean())).thenReturn(builder); })) { test.run(); Assert.assertNotNull(publicClientApplicationMock); @@ -748,6 +755,7 @@ private void mockForAuthorizationCodeFlow(String token1, TokenRequestContext req when(builder.authority(any())).thenReturn(builder); when(builder.instanceDiscovery(anyBoolean())).thenReturn(builder); when(builder.httpClient(any())).thenReturn(builder); + when(builder.logPii(anyBoolean())).thenReturn(builder); })) { test.run(); Assert.assertNotNull(publicClientApplicationMock); @@ -769,6 +777,7 @@ private void mockForUsernamePasswordCodeFlow(String token, TokenRequestContext r when(builder.authority(any())).thenReturn(builder); when(builder.instanceDiscovery(anyBoolean())).thenReturn(builder); when(builder.httpClient(any())).thenReturn(builder); + when(builder.logPii(anyBoolean())).thenReturn(builder); })) { test.run(); Assert.assertNotNull(publicClientApplicationMock); @@ -790,6 +799,7 @@ private void mockForUserRefreshTokenFlow(String token, TokenRequestContext reque when(builder.authority(any())).thenReturn(builder); when(builder.instanceDiscovery(anyBoolean())).thenReturn(builder); when(builder.httpClient(any())).thenReturn(builder); + when(builder.logPii(anyBoolean())).thenReturn(builder); })) { test.run(); Assert.assertNotNull(publicClientApplicationMock);